RSS FeedSecurity
Law firm facing legal action over huge porn data security breach

Law firm facing legal action over huge porn data security breach

Privacy International cites risk to users’ personal data

By | Computerworld UK | Published 17:15,

Not-for-profit group Privacy International is readying itself for legal action against a British law firm, after people’s details were leaked onto the company's website in a denial of service attack.

ACS:Law had reportedly been tracking internet users for breach of copyright - after they may have illegally shared pornographic material - in order to take legal action.

Also in this channel
Related Articles

 

Virtualisation, Big Data and BYOD

Check out our Business IT Hub for opinions and briefings. Read more

The breach occurred on Friday evening, apparently after a distributed denial of service attack, with unencrypted emails sent to users appearing on the ACS:Law website. PI estimates the email archive has been downloaded “hundreds of thousands of times”.

When the data was leaked it became clear that “vast amounts of information” on “thousands” of users was being stored by the firm, PI said.

PI cited the Data Protection Act, which does not allow sensitive data to be stored on a public-facing website. A spokesperson at ACS:Law had not returned calls at the time of writing.

According to reports, one email contained the personal details of 10,000 people accused of file sharing pornography. Details included names, home addresses and IP addresses. Credit card details may have been included too.

Alexander Hanff, a lawyer for PI, said: “This data breach is likely to result in significant harm to tens of thousands of people in the form of fraud, identity theft and severe emotional distress.”

He added: "This firm collected this information by spying on internet users, and now it has placed thousands of innocent people at risk." PI has notified the Information Commissioner.

PI said there was “no evidence” to suggest ACS:Law’s web server had been compromised, but it added that the breach appeared to be down to “poor server administration” and a lack of security.

Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Does your company use managed print services?

Question of the day!

Does your company use managed print services?


% of Computerworld UK readers agree with you


Yes
TBC
No
TBC

What benefits do you believe managed print services offer?

123 characters remaining

Follow the conversation at @Think_Print

ComputerWorldUK Resources

ComputerworldUK
Share
x
Open
* *